Re: Trusted kernel patchset for Secure Boot lockdown

One Thousand Gnomes <gnomes@...> writes:
> Trusted is rather misleading. It's not trusted, it's *measured*.
> 
> It's the same bits you had when you made it, and when you booted it
> before. Whether you trust them is a different and quite unrelated
> question. You may have reasons to do either.

I believe mjg's point is that the patch implements the kernel's view
of its trust requirements, and is thus independent of whether it is
measured or not.

Frankly, from my experience, the term "trust" is one of the most
confusing ones in the security field... In general, unlike the intuitive
definition, "trust" is a _negative_ feature.
To say it differently: a "Trusted Kernel" is "a kernel that believes
someone trusts it". It does _not_ mean the kernel is actually
_trustworthy_. A "measured" kernel is one way for it to be trustworthy -
but you cannot trust the kernel to tell you if it is measured. (This is
a classic case of the Epimenides paradox: if the kernel is untrustworthy,
it will always claim to be trusted.)

-Alon
